Hardening Guides and Tools for Red Hat Linux (RHEL)

System hardening is an important part of securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we look at some of the options for securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others.

Red Hat

Red Hat itself has a hardening guide for RHEL 4, which is freely available. For its little brother Fedora there is also a hardening guide available, although this one dates back a couple of years.

CIS

The Center for Internet Security has guides, which are called “Benchmarks”. These benchmarks are available for the most popular operating systems, including Red Hat. While not always up-to-date with the latest release version, they provide valuable tips on securing your system. Some hardening snippets are included to automate the system hardening.

NSA

The NSA has also created a document for hardening Red Hat. Unfortunately it's outdated (RHEL 5), but it might still be used to apply additional hardening measures on top of other guides. The PDF can be freely downloaded.

Tools

There aren't many tools for auditing or hardening systems that are also freely available and up-to-date. This is exactly the reason why we maintain Lynis and keep implementing new tests. Another big benefit of using a tool is automation: no hours spent reading long pieces of text.

Some alternatives are Tiger and Bastille Linux, which both look unmaintained at the moment. CIS also has a tool of its own (CIS-CAT), which is released for companies having a membership with them.

Tips

If you want to do an extensive check of your systems and implement proper hardening, then we advise reading the mentioned guides. Apply those principles that are applicable and appropriate for your environment. We argue that it's better to use tooling and system automation though. It will save a lot of time, which can be invested in the actual system hardening.

2015-01-30: Updated to later Fedora 18 guide (newer, but still outdated in version number)

Linux and UNIX security automation

Lynis is a free and open source security scanner. It helps with testing the defenses of your Linux, macOS, and Unix systems. Typical use-cases for this software include system hardening, vulnerability scanning, and checking compliance with security standards (PCI-DSS, ISO27001, etc).